D-Bus: Format string vulnerabilityA vulnerability has been found in D-Bus possibly resulting in a
local Denial of Service.
dbus2017-01-112017-01-11596772local1.10.121.10.12

D-Bus is a message bus system, a simple way for applications to talk to
one another.

It was discovered that D-Bus incorrectly handles certain format strings.

The impact of this new vulnerability is believed to not be exploitable
if D-Bus is patched against CVE-2015-0245. The previous vulnerability
(CVE-2015-0245) was addressed in GLSA-201503-02 referenced below.

A local attacker could cause a Denial of Service condition or possibly
execute arbitrary code.

The vulnerable D-Bus interface is intended only for use by systemd
running as root.

The administrator can install a policy which denies sending from
org.freedesktop.systemd1.Activator” to D-Bus. This will prevent
non-root attackers from reaching the interface in order to exercise this
flaw.